fix release-rc-pr workflow

[onlyjackfrost]

This PR help release RC operation
To release a rc version, mamnully trigger the Create RC Release PR action and filling the related image version

It will raise a release PR for you

After the PR is reviewed and merged, you can add a comment with /release-rc to create the release

After the release workflow is done, you can jump to the release page via link in the comment

Release note

Summary by CodeRabbit

Summary by CodeRabbit

• New Features

  • Introduced an automated workflow that creates release candidates, builds packages for macOS, Linux, and Windows, and automatically generates release notes.

• Chores

  • Improved build consistency for Linux and Windows by adjusting build commands.
  • Simplified the release process by streamlining the pull request creation steps.

[coderabbitai]

Walkthrough

This pull request introduces a new GitHub Actions workflow to automate release candidate (RC) creation and updates an existing workflow that streamlines the PR creation process. It also modifies the Makefile to disable cgo for Linux and Windows builds while retaining the Darwin build configuration. The new RC workflow handles manual and issue-triggered events to build, package, and release artifacts for multiple platforms, and the updated PR workflow simplifies branch management using the latest pull-request action.

Changes

File(s)	Change Summary
.github/workflows/create-rc-release.yaml, .github/workflows/create-rc-release-pr.yaml	Added a new RC release workflow triggered manually/via issue comment; updated the PR workflow by removing manual branch steps and leveraging peter-evans/create-pull-request@v7 to automate PR creation.
wren-launcher/Makefile	Updated build commands: set CGO_ENABLED=0 for Linux and Windows builds while retaining CGO_ENABLED=1 for the Darwin build.

Possibly related PRs

• chore: add github action to raise release RC PR #1429: The changes in the main PR, which introduce a new GitHub Actions workflow for creating release candidates, are related to the retrieved PR that also involves a GitHub Actions workflow for automating the creation of release candidate pull requests, particularly in how both workflows manage versioning and automate release processes.

Suggested labels

module/ui, launcher

Poem

Hop along in code tonight,
I’m a bunny making changes bright.
New workflows spring, a festive sight,
Building, packaging, with pure delight.
Cheer with ASCII hops and bytes,
For release magic done just right!
🐰✨

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai plan to trigger planning for file edits and PR creation.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

.github/workflows/release-rc-pr.yaml (1)

71-72: Branch Naming and Commit Message:
Using the input release_version to construct both the branch name (release/${{ github.event.inputs.release_version }}) and the commit message is a clean and direct approach. Ensure that the release_version value is validated or sanitized (if necessary) to prevent any issues with invalid characters in branch names.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 39a7bea and c566a96.

📒 Files selected for processing (1)

• .github/workflows/release-rc-pr.yaml (1 hunks)

🔇 Additional comments (1)

.github/workflows/release-rc-pr.yaml (1)

67-68: PR Creation Step Update:
The new step leverages peter-evans/create-pull-request@v7 to simplify the process of creating a release RC pull request by removing manual branch creation, committing, and pushing steps. This reduces complexity and improves maintainability. Please verify that all needed configurations (such as labels or reviewers, if applicable) are handled elsewhere.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (4)

.github/workflows/create-rc-release.yaml (4)

1-3: File Header and Naming Clarification
The file header correctly identifies the workflow, and the naming is clear. For improved clarity and maintainability, consider adding a brief comment at the top summarizing the workflow’s purpose and linking to relevant documentation if applicable.

---

15-17: Update Checkout Action Version
Static analysis points out that actions/checkout@v3 may be outdated. To stay current with GitHub Actions best practices and potentially benefit from performance or security improvements, consider updating this to the latest stable version (e.g., actions/checkout@v4) if available.

-        uses: actions/checkout@v3
+        uses: actions/checkout@v4

🧰 Tools

🪛 actionlint (1.7.4)

16-16: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

18-22: Review Setup-Go Action Version
Similarly, the static analysis indicates that actions/setup-go@v4 might be outdated. Please verify if a newer version (e.g., actions/setup-go@v5) is available and consider updating to ensure compatibility with the latest Go tooling improvements.

-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5

🧰 Tools

🪛 actionlint (1.7.4)

19-19: the runner of "actions/setup-go@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

27-38: GitHub Release Creation Step Configuration
The release step is well configured:

• It uses softprops/action-gh-release@v2 to create a GitHub release.
• The files list covers distribution artifacts for different OS targets.
• The tag is set using the user-provided release_version input, with prerelease mode activated and release notes generated automatically.

Just verify that the file paths provided (lines 31–33) match the actual locations of your built artifacts to avoid release failures.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c566a96 and 67125ed.

📒 Files selected for processing (1)

• .github/workflows/create-rc-release.yaml (1 hunks)

🧰 Additional context used

🪛 actionlint (1.7.4)

.github/workflows/create-rc-release.yaml

16-16: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

19-19: the runner of "actions/setup-go@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🔇 Additional comments (3)

.github/workflows/create-rc-release.yaml (3)

4-9: Workflow Dispatch Input Configuration
The workflow dispatch input for release_version is well structured with a clear description and required flag, ensuring that manual triggers provide the necessary version format (e.g., "0.23.0-rc.1").

---

10-13: Job Environment Setup
The job is properly defined to run on ubuntu-latest, which is standard and suitable for the build and release operations.

---

23-26: Build Project Step Verification
The build step correctly changes the working directory to ./wren-launcher and runs make build. Ensure that the specified directory exists in the repository and that the build command aligns with your current project structure.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

wren-launcher/Makefile (1)

5-6: Ensure Correct CGO Settings for Linux and Windows Builds.
Setting CGO_ENABLED=0 for both Linux and Windows targets is a deliberate improvement to ensure static builds without C dependency interference. This change aligns well with the objective of simplifying release consistency.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 67125ed and 35928fa.

📒 Files selected for processing (1)

• wren-launcher/Makefile (1 hunks)

🔇 Additional comments (2)

wren-launcher/Makefile (2)

1-4: Overall Build Target Structure is Intact.
The build target remains clear and well-organized. The Darwin build retains CGO_ENABLED=1—which is appropriate if macOS-specific cgo behaviors are desired—while Linux and Windows builds now disable cgo. The permission settings and archive commands maintain clarity and consistency.

Also applies to: 7-10

---

12-17: Clean and Rebuild Targets Verified.
The clean and rebuild targets continue to function as expected by ensuring a fresh build environment. This preserves the integrity of the build process.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

.github/workflows/create-rc-release.yaml (2)

15-16: Update GitHub Actions Version for Checkout
The workflow uses actions/checkout@v3, which has been flagged by static analysis as outdated. Consider upgrading to a newer version (e.g., actions/checkout@v4) if available to benefit from the latest fixes and features.

🧰 Tools

🪛 actionlint (1.7.4)

16-16: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

18-21: Update GitHub Actions Version for Setup-Go
The actions/setup-go@v4 step is similarly reported as using an older runner version. Verify if a newer version (for instance, a potential v5) is available to capture any improvements and security enhancements.

🧰 Tools

🪛 actionlint (1.7.4)

19-19: the runner of "actions/setup-go@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 35928fa and 2276e5e.

📒 Files selected for processing (1)

• .github/workflows/create-rc-release.yaml (1 hunks)

🧰 Additional context used

🪛 actionlint (1.7.4)

.github/workflows/create-rc-release.yaml

16-16: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

19-19: the runner of "actions/setup-go@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🔇 Additional comments (4)

.github/workflows/create-rc-release.yaml (4)

1-2: Workflow Header and Naming
The header and workflow name ("Create RC Release") clearly indicate the purpose of the workflow.

---

4-9: Well-Defined Trigger Configuration
The workflow_dispatch trigger with a required release_version input is clearly defined and user-friendly.

---

10-13: Job Definition is Clear
The job configuration using runs-on: ubuntu-latest is straightforward and appropriate for building and releasing the project.

---

34-45: GitHub Release Creation is Configured Correctly
The step to create a GitHub release using softprops/action-gh-release@v2 is well-configured. It properly uploads the built distribution files and uses the provided release_version for tagging while authenticating with the GITHUB_TOKEN.

[coderabbitai]

🛠️ Refactor suggestion

Ensure BINARY_NAME is Defined
The build commands reference the environment variable ${BINARY_NAME} without any visible definition in the workflow. This may lead to build failures. Consider defining this variable at the job level or passing it as an additional input to the workflow. For example, you could add an env block at the job level with a default value for BINARY_NAME.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

.github/workflows/create-rc-release.yaml (1)

4-10: Enhance Input Validation for Release Version
The release_version input is correctly configured for manual dispatch. Consider adding a pattern attribute (using a regex) to enforce the expected semantic version format (e.g., ^\d+\.\d+\.\d+-rc\.\d+$) so that invalid inputs can be caught early.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2276e5e and c5c53b8.

📒 Files selected for processing (1)

• .github/workflows/create-rc-release.yaml (1 hunks)

🧰 Additional context used

🪛 actionlint (1.7.4)

.github/workflows/create-rc-release.yaml

16-16: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

19-19: the runner of "actions/setup-go@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🔇 Additional comments (4)

.github/workflows/create-rc-release.yaml (4)

11-13: Job Configuration Looks Good
The job is set up correctly to run on ubuntu-latest and does not require changes.

---

29-41: Verify GitHub Release Artifact Configuration
The release step uses softprops/action-gh-release@v2 with the correct configuration for a pre-release and automatic release note generation. Once the build step is adjusted to produce all expected artifacts, double-check that the file paths (e.g., ./wren-launcher/dist/wren-launcher-darwin.tar.gz) correctly point to the built files.

---

18-22:

Details

❌ Incorrect review comment

Update Go Setup Action Version
The step for setting up Go uses actions/setup-go@v4, which may also be outdated according to static analysis. Verify if a newer version is available (such as actions/setup-go@v5 if released) and update accordingly for improved performance and security.

---

Verification of Go Setup Action Version
After checking the available tags for the Go setup action, it appears that actions/setup-go@v4 remains the latest stable release. There isn’t a v5 release at this time, so no update is needed.

Likely an incorrect or invalid review comment.

🧰 Tools

🪛 actionlint (1.7.4)

19-19: the runner of "actions/setup-go@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

15-16:

Details

✅ Verification successful

Update Checkout Action Version
The workflow currently uses actions/checkout@v3. Static analysis suggests that this version may be outdated. Please consider updating to a more recent version (for example, actions/checkout@v4) to ensure you benefit from the latest fixes and improvements.

---

No Checkout Action Update Required
After verifying the latest information on GitHub’s official releases, there is no stable actions/checkout@v4 available. The workflow’s use of actions/checkout@v3 is currently the most up-to-date and appropriate version. Please maintain the current version until an official stable v4 release is announced.

🧰 Tools

🪛 actionlint (1.7.4)

16-16: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

.github/workflows/create-rc-release.yaml (2)

15-17: Action Version Review: Checkout Repository.
The checkout step is using actions/checkout@v3. Static analysis hints suggest that this runner version might be outdated. Please review and verify if a newer major version (if available) should be used to benefit from the latest fixes and improvements.

🧰 Tools

🪛 actionlint (1.7.4)

16-16: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

18-22: Action Version and Go Version Verification: Set up Go.
The Go setup step uses actions/setup-go@v4 with a specified Go version of 1.22.0. Although this is explicit, static analysis indicates that the runner might be outdated. Please ensure that both the action version and the Go version are up-to-date with your project’s requirements and the latest stable releases.

🧰 Tools

🪛 actionlint (1.7.4)

19-19: the runner of "actions/setup-go@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c5c53b8 and e9c172c.

📒 Files selected for processing (1)

• .github/workflows/create-rc-release.yaml (1 hunks)

🧰 Additional context used

🪛 actionlint (1.7.4)

.github/workflows/create-rc-release.yaml

16-16: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

19-19: the runner of "actions/setup-go@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🔇 Additional comments (6)

.github/workflows/create-rc-release.yaml (6)

1-3: Workflow Declaration and Naming are Clear.
The header clearly indicates that this workflow is for creating an RC release. The name and file header are descriptive and correctly placed.

---

4-9: Trigger Configuration is Well Defined.
The workflow_dispatch event with a required release_version input is clearly specified, ensuring that the manual trigger provides the necessary release version in the proper format.

---

23-29: macOS Build Step Validation.
The build commands for macOS are clearly defined, creating the distribution directory, building the binary, setting executable permissions, and packaging the binary into a tar.gz file. Confirm that the resultant file will be correctly located for subsequent release steps.

---

30-36: Linux Build Step is Well Implemented.
The Linux build step is straightforward, including the correct environment variables and packaging the binary into a tar.gz file. This should work as expected.

---

37-43: Windows Build Step Looks Correct.
The Windows build step correctly compiles the binary and packages it using zip. Verify that the runner environment includes the zip utility, although this is typically available on GitHub’s Ubuntu runners.

---

44-56: GitHub Release Step is Properly Configured.
The release step leverages softprops/action-gh-release@v2 to create a pre-release, generate release notes, and upload multiple artifacts. The file paths accurately refer to the outputs from the build steps.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (3)

.github/workflows/create-rc-release.yaml (3)

14-16: Update Checkout Action Version
The checkout step uses actions/checkout@v3, but static analysis indicates that this version is outdated. Consider upgrading to a newer release (e.g. actions/checkout@v4) to benefit from improved performance and bug fixes.

🧰 Tools

🪛 actionlint (1.7.4)

15-15: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

17-21: Review Go Setup Action Version
The Go setup step employs actions/setup-go@v4, which has also been flagged as outdated by static analysis. Verify if a more recent version is available and update accordingly to ensure optimal compatibility with GitHub Actions.

🧰 Tools

🪛 actionlint (1.7.4)

18-18: the runner of "actions/setup-go@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

22-28: macOS Build Step
The macOS build step successfully creates the distribution directory, compiles the binary, and packages it into a tar.gz file. For future flexibility, consider parameterizing the output directory or binary name if customization becomes necessary.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e9c172c and 2c85096.

📒 Files selected for processing (1)

• .github/workflows/create-rc-release.yaml (1 hunks)

🧰 Additional context used

🪛 actionlint (1.7.4)

.github/workflows/create-rc-release.yaml

15-15: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

18-18: the runner of "actions/setup-go@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🔇 Additional comments (5)

.github/workflows/create-rc-release.yaml (5)

1-9: Workflow Trigger Setup Looks Good
The workflow_dispatch event and its input parameter release_version are clearly defined and marked as required. This ensures that users must provide a value when triggering the workflow.

---

29-35: Linux Build Step
The Linux build commands correctly compile the binary and package it into a tar.gz file. The approach is consistent with the macOS step and looks solid.

---

36-42: Windows Build Step
The Windows build step compiles the executable and packages it as a zip file. The implementation is consistent with the other platform steps and meets the expected distribution format.

---

43-54: GitHub Release Creation
The release step uses softprops/action-gh-release@v2 effectively to create a GitHub release and upload artifacts. Ensure that the artifact file paths accurately reflect the outputs from the build steps and consider performing an end-to-end test to verify the release creation process in practice.

---

1-55: Overall Workflow Review
This new workflow clearly streamlines the RC release process by building binaries for macOS, Linux, and Windows, and then packaging and releasing them via GitHub. The logical ordering and use of dedicated actions simplify the release process. Addressing the static analysis suggestions regarding action version updates will further strengthen the workflow.

🧰 Tools

🪛 actionlint (1.7.4)

15-15: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

18-18: the runner of "actions/setup-go@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (1)

.github/workflows/create-rc-release-pr.yaml (1)

27-66: Overall Workflow Logic and Debugging Improvements
The earlier steps (from checkout through displaying the git diff) remain unchanged and are used for verifying modifications. Ensure that the git diff output does not leak any sensitive information (if that is a potential concern) once debugging is complete.

🧰 Tools

🪛 actionlint (1.7.4)

28-28: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2c85096 and 82d2c63.

📒 Files selected for processing (2)

• .github/workflows/create-rc-release-pr.yaml (1 hunks)
• .github/workflows/create-rc-release.yaml (1 hunks)

🧰 Additional context used

🪛 actionlint (1.7.4)

.github/workflows/create-rc-release.yaml

18-18: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

21-21: the runner of "actions/setup-go@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

27-27: workflow command "set-output" was deprecated. use echo "{name}={value}" >> $GITHUB_OUTPUT instead: https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions

(deprecated-commands)

---

27-27: "github.event.issue.title" is potentially untrusted. avoid using it directly in inline scripts. instead, pass it through an environment variable. see https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions for more details

(expression)

🔇 Additional comments (2)

.github/workflows/create-rc-release-pr.yaml (1)

67-75: Streamlined PR Creation Step Added
The new "Create PR" step using peter-evans/create-pull-request@v7 simplifies the process by eliminating manual branch creation, committing, and pushing steps. The dynamic branch naming, commit message, title, and body based on the input release version make the workflow much more maintainable.

.github/workflows/create-rc-release.yaml (1)

53-65: GitHub Release Creation Step Review
The release creation step using softprops/action-gh-release@v2 is implemented correctly. Ensure that the file paths, tag name (sourced from the parsed release version), and the pre-release flag meet your release candidate requirements.

[coderabbitai]

🛠️ Refactor suggestion

Action Version Update: Set Up Go
The step uses actions/setup-go@v4. Similar to the checkout action, please verify if a newer version (e.g., v5) is available to ensure the best performance and security practices are followed.

🧰 Tools

🪛 actionlint (1.7.4)

21-21: the runner of "actions/setup-go@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (1)

.github/workflows/create-rc-release.yaml (1)

32-52: Optional: Enhance Robustness in Build Steps
In the build steps (lines 32–38 for macOS, 39–45 for Linux, and 46–52 for Windows), consider adding set -e at the beginning of each multi-line shell script. This will ensure that the script exits immediately in case any command fails, thereby helping to catch build errors early. This is optional but can improve the robustness of the build process.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 82d2c63 and abf9d86.

📒 Files selected for processing (1)

• .github/workflows/create-rc-release.yaml (1 hunks)

🧰 Additional context used

🪛 actionlint (1.7.4)

.github/workflows/create-rc-release.yaml

18-18: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

21-21: the runner of "actions/setup-go@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

27-27: workflow command "set-output" was deprecated. use echo "{name}={value}" >> $GITHUB_OUTPUT instead: https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions

(deprecated-commands)

---

27-27: "github.event.issue.title" is potentially untrusted. avoid using it directly in inline scripts. instead, pass it through an environment variable. see https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions for more details

(expression)

🔇 Additional comments (2)

.github/workflows/create-rc-release.yaml (2)

53-64: Release Step Verification
The "Create GitHub Release" step (lines 53–64) effectively packages and uploads the artifacts for macOS, Linux, and Windows. Please ensure that the file paths provided under the files input correctly point to the generated artifacts. If there’s any deviation in the artifact locations or names, update the paths accordingly to avoid release issues.

---

25-30:

Details

✅ Verification successful

Replace Deprecated set-output and Sanitize Input
The "Parse release version from PR title" step (lines 25–30) employs the deprecated set-output command and directly references github.event.issue.title, which may be untrusted. To align with updated GitHub Actions practices and enhance security, refactor this step to write directly to $GITHUB_OUTPUT and pass the issue title through an environment variable. For example, consider the following diff:

-          release_version=$(echo ${{ github.event.issue.title }} | sed -n 's/^Release \(v[0-9]\+\.[0-9]\+\.[0-9]\+\).*$/\1/p')
-          echo "Release version: $release_version"
-          echo "::set-output name=release_version::$release_version"
+          release_version=$(echo "$GITHUB_ISSUE_TITLE" | sed -n 's/^Release \(v[0-9]\+\.[0-9]\+\.[0-9]\+\).*$/\1/p')
+          echo "Release version: $release_version"
+          echo "release_version=$release_version" >> $GITHUB_OUTPUT
+        env:
+          GITHUB_ISSUE_TITLE: ${{ github.event.issue.title }}

This change not only mitigates the risks from unfiltered event values but also conforms to the latest GitHub Actions syntax.

---

Action Required: Update GitHub Actions Workflow for Security and Compatibility

The code in .github/workflows/create-rc-release.yaml (lines 25–30) uses the deprecated set-output command and directly interpolates an unverified event value. For improved security and compatibility with current GitHub Actions practices, please refactor this step as follows:

• Input Sanitization: Pass the PR title via an environment variable (e.g., GITHUB_ISSUE_TITLE) instead of directly referencing ${{ github.event.issue.title }}.
• Output Handling: Replace the deprecated set-output command with the recommended method of appending to $GITHUB_OUTPUT.

Proposed Diff:

-          release_version=$(echo ${{ github.event.issue.title }} | sed -n 's/^Release \(v[0-9]\+\.[0-9]\+\.[0-9]\+\).*$/\1/p')
-          echo "Release version: $release_version"
-          echo "::set-output name=release_version::$release_version"
+          release_version=$(echo "$GITHUB_ISSUE_TITLE" | sed -n 's/^Release \(v[0-9]\+\.[0-9]\+\.[0-9]\+\).*$/\1/p')
+          echo "Release version: $release_version"
+          echo "release_version=$release_version" >> $GITHUB_OUTPUT
+        env:
+          GITHUB_ISSUE_TITLE: ${{ github.event.issue.title }}

This change ensures that:

• Untrusted input is handled safely.
• The workflow complies with the latest GitHub Actions guidelines.

🧰 Tools

🪛 actionlint (1.7.4)

27-27: workflow command "set-output" was deprecated. use echo "{name}={value}" >> $GITHUB_OUTPUT instead: https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions

(deprecated-commands)

---

27-27: "github.event.issue.title" is potentially untrusted. avoid using it directly in inline scripts. instead, pass it through an environment variable. see https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions for more details

(expression)

[coderabbitai]

🛠️ Refactor suggestion

Upgrade Setup-Go Action Version
Similarly, the workflow uses actions/setup-go@v4 on line 20–22. Checking for a newer version (such as actions/setup-go@v5) is recommended to ensure optimal performance and take advantage of recent enhancements and security updates.

🧰 Tools

🪛 actionlint (1.7.4)

21-21: the runner of "actions/setup-go@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

.github/workflows/create-rc-release.yaml (1)

15-15: 💡 Verification agent

❓ Verification inconclusive

Refine the Job Condition for Event‐Type Robustness
The condition on line 15 directly accesses github.event.comment.body and github.event.issue.title, which may not be defined when the workflow is triggered via workflow_dispatch. This can lead to runtime errors or skipped jobs. Consider updating the condition to differentiate between trigger types. For example:

-    if: contains(github.event.comment.body, '/release-rc') && startsWith(github.event.issue.title, 'Release')
+    if: github.event_name == 'workflow_dispatch' || (github.event_name == 'issue_comment' && contains(github.event.comment.body, '/release-rc') && startsWith(github.event.issue.title, 'Release'))

This change ensures that when the workflow is manually triggered, it does not attempt to access undefined event properties.

---

Update Job Condition to Handle Undefined Event Properties
The current condition in .github/workflows/create-rc-release.yaml (line 15) directly accesses github.event.comment.body and github.event.issue.title, which can lead to runtime errors when the workflow is manually triggered via workflow_dispatch because these properties may not be defined.

Recommendations:

• Refactor the condition to explicitly handle the workflow_dispatch trigger.
• Use a combined conditional that only accesses the comment and issue properties when the event is issue_comment.

For example, consider updating the line as follows:

-    if: contains(github.event.comment.body, '/release-rc') && startsWith(github.event.issue.title, 'Release')
+    if: github.event_name == 'workflow_dispatch' || (github.event_name == 'issue_comment' && contains(github.event.comment.body, '/release-rc') && startsWith(github.event.issue.title, 'Release'))

This change ensures that workflow runs triggered manually won't try to reference properties that are not available, avoiding potential runtime errors.

🧹 Nitpick comments (2)

.github/workflows/create-rc-release.yaml (2)

17-19: Update Checkout Action Version
The checkout step currently uses actions/checkout@v3 (line 18). Static analysis and previous feedback suggest updating to a newer version (e.g., v4) to benefit from recent improvements and security fixes. Consider applying the following diff:

-        uses: actions/checkout@v3
+        uses: actions/checkout@v4

This update will ensure compatibility with the latest GitHub Actions improvements.

🧰 Tools

🪛 actionlint (1.7.4)

18-18: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

20-23: Upgrade Setup-Go Action Version
The Go setup step uses actions/setup-go@v4 (line 21). It is advisable to upgrade to a newer version (for instance, actions/setup-go@v5) for enhanced performance and security. A suggested diff:

-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5

Upgrading will ensure you are aligned with the latest enhancements provided by the action.

🧰 Tools

🪛 actionlint (1.7.4)

21-21: the runner of "actions/setup-go@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between abf9d86 and d8ecb73.

📒 Files selected for processing (1)

• .github/workflows/create-rc-release.yaml (1 hunks)

🧰 Additional context used

🪛 actionlint (1.7.4)

.github/workflows/create-rc-release.yaml

18-18: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

21-21: the runner of "actions/setup-go@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

27-27: workflow command "set-output" was deprecated. use echo "{name}={value}" >> $GITHUB_OUTPUT instead: https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions

(deprecated-commands)

---

27-27: "github.event.issue.title" is potentially untrusted. avoid using it directly in inline scripts. instead, pass it through an environment variable. see https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions for more details

(expression)

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (4)

.github/workflows/create-rc-release.yaml (2)

17-18: Update Checkout Action Version
The workflow currently uses actions/checkout@v3, which is flagged as outdated by static analysis. Upgrading to a newer version (e.g., actions/checkout@v4) can provide enhanced performance and improved security.

-        uses: actions/checkout@v3
+        uses: actions/checkout@v4

🧰 Tools

🪛 actionlint (1.7.4)

18-18: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

20-23: Update Setup-Go Action Version
The step on lines 20–23 uses actions/setup-go@v4, which may be outdated. Consider updating to a newer version (e.g., actions/setup-go@v5) to take advantage of the latest enhancements and security fixes.

-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5

🧰 Tools

🪛 actionlint (1.7.4)

21-21: the runner of "actions/setup-go@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

.github/workflows/create-rc-release-pr.yaml (2)

27-28: Update Checkout Action Version
The workflow uses actions/checkout@v3 on lines 27–28. Updating this to a newer version (e.g., actions/checkout@v4) can provide better performance and improved security.

-        uses: actions/checkout@v3
+        uses: actions/checkout@v4

🧰 Tools

🪛 actionlint (1.7.4)

28-28: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

59-66: Diagnostic Step: Show Git Diff
The step printing the git diff (lines 59–66) is useful for debugging. In a production environment, consider whether this verbose output is necessary or if it might be reduced to improve log clarity.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d8ecb73 and bed9d59.

📒 Files selected for processing (2)

• .github/workflows/create-rc-release-pr.yaml (2 hunks)
• .github/workflows/create-rc-release.yaml (1 hunks)

🧰 Additional context used

🪛 actionlint (1.7.4)

.github/workflows/create-rc-release.yaml

18-18: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

21-21: the runner of "actions/setup-go@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

33-33: workflow command "set-output" was deprecated. use echo "{name}={value}" >> $GITHUB_OUTPUT instead: https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions

(deprecated-commands)

---

33-33: "github.event.issue.title" is potentially untrusted. avoid using it directly in inline scripts. instead, pass it through an environment variable. see https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions for more details

(expression)

🔇 Additional comments (6)

.github/workflows/create-rc-release.yaml (2)

38-57: Build Steps Verification
The build steps for macOS, Linux, and Windows (lines 38–57) are clearly structured and package the binaries as expected. Just ensure that these commands and environment variable settings (e.g., CGO_ENABLED) align with your overall build and release strategy.

---

59-70: GitHub Release Creation Step
The step utilizing softprops/action-gh-release@v2 appears to correctly configure the release creation with proper tagging, artifact uploads, and pre-release settings. Verify that the generated release notes and pre-release designation meet your process requirements.

.github/workflows/create-rc-release-pr.yaml (4)

30-34: Git Identity Setup Verification
The "Setup Git Identity" step is correctly configuring the git user name and email, ensuring that commits made by the bot are properly attributed.

---

35-44: Update docker.go Modification
The update to wren-launcher/utils/docker.go (lines 35–44) uses sed to modify the WREN_PRODUCT_VERSION. Ensure that the regex pattern matches the file content as expected in all cases.

---

45-57: Environment File Update with sed
The .env.example update (lines 45–57) correctly replaces version values for several environment variables. Verify that these changes match your deployment expectations and that the file format remains consistent.

---

67-76: Streamlined Pull Request Creation
The use of peter-evans/create-pull-request@v7 in the "Create PR" step (lines 67–76) simplifies the process by removing manual branch management. Confirm that the branch naming convention and PR message details meet your release workflow requirements.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (2)

.github/workflows/create-rc-release.yaml (2)

17-18: Upgrade Checkout Action Version
The workflow uses actions/checkout@v3, which is flagged by static analysis as outdated. Upgrading to a newer version (e.g., actions/checkout@v4) is recommended to leverage improved performance and security.

🧰 Tools

🪛 actionlint (1.7.4)

18-18: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

20-23: Update Setup-Go Action Version
The actions/setup-go@v4 action is reported as outdated. Consider upgrading to a newer version (for example, actions/setup-go@v5) to ensure compatibility with the latest features and security updates.

🧰 Tools

🪛 actionlint (1.7.4)

21-21: the runner of "actions/setup-go@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between bed9d59 and 0c63f76.

📒 Files selected for processing (1)

• .github/workflows/create-rc-release.yaml (1 hunks)

🧰 Additional context used

🪛 actionlint (1.7.4)

.github/workflows/create-rc-release.yaml

18-18: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

21-21: the runner of "actions/setup-go@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

33-33: workflow command "set-output" was deprecated. use echo "{name}={value}" >> $GITHUB_OUTPUT instead: https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions

(deprecated-commands)

---

33-33: "github.event.issue.title" is potentially untrusted. avoid using it directly in inline scripts. instead, pass it through an environment variable. see https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions for more details

(expression)

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

.github/workflows/create-rc-release.yaml (2)

15-15: [Critical] Job Condition Limits Manual Trigger Execution
The current job condition on line 15 checks only for an issue_comment event with specific comment and title criteria. This condition prevents the workflow from running when manually triggered via workflow_dispatch—which is one of the primary objectives of this PR.
Suggested Change: Modify the condition to accommodate both event types. For example, you could update it as follows:

-    if: ${{ github.event_name == 'issue_comment' && contains(github.event.comment.body, '/release-rc') && startsWith(github.event.issue.title, 'Release') }}
+    if: ${{ (github.event_name == 'issue_comment' && contains(github.event.comment.body, '/release-rc') && startsWith(github.event.issue.title, 'Release')) || github.event_name == 'workflow_dispatch' }}

This change ensures that the release job executes for both manually triggered workflows and issue comment events.

---

33-41: [Good-to-Have] Enhance Release Version Parsing Robustness
The current script extracts the release version by splitting GITHUB_ISSUE_TITLE on spaces and taking the last token. This approach assumes that the version number is always the last word, which might not be robust if the title contains additional words.
Suggestion: Use a regex to explicitly capture a version string (e.g., in the format vX.Y.Z). For instance:

-          release_version=$(echo "$GITHUB_ISSUE_TITLE" | sed 's/ /\n/g' | tail -n 1)
+          release_version=$(echo "$GITHUB_ISSUE_TITLE" | grep -oE 'v[0-9]+\.[0-9]+\.[0-9]+')

This adjustment will ensure that only a valid version string is captured from the title.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0c63f76 and 175e8bc.

📒 Files selected for processing (1)

• .github/workflows/create-rc-release.yaml (1 hunks)

🧰 Additional context used

🪛 actionlint (1.7.4)

.github/workflows/create-rc-release.yaml

23-23: the runner of "actions/setup-go@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🔇 Additional comments (1)

.github/workflows/create-rc-release.yaml (1)

22-26: [Good-to-Have] Upgrade Setup-Go Action Version
The workflow currently uses actions/setup-go@v4. Upgrading to actions/setup-go@v5 is recommended to benefit from the latest improvements and security fixes. This feedback duplicates previous suggestions.

🧰 Tools

🪛 actionlint (1.7.4)

23-23: the runner of "actions/setup-go@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)